Using a Security Feature with a Digital Image File

ABSTRACT

Among other things, at a cloud-based service, digital image files are received from which digital images can be displayed on devices. For each of the digital image files, data is embedded in the digital image file on behalf of a party who has rights in the digital image file. The existence of the embedded data is not perceptible in any digital image that is displayed using the digital image file. The embedded data includes information from which the digital image file can be authenticated. At the cloud-based service, a digital image file is received that is to be authenticated. The digital image file is authenticated based on the embedded data.

RELATED APPLICATIONS

This application is a continuation of U.S. application Ser. No.14/167,618, which was filed Jan. 29, 2014, and is incorporated here byreference in its entirety.

BACKGROUND

This description relates to using a security feature with a digitalimage file.

An invisible or imperceptible watermark, for example, is a securityfeature that can be used to embed data into the digital image file,without the data being visible to the naked eye when the digital imageis displayed. Invisible watermarks typically cannot be cropped orotherwise edited out of the digital image or the digital image file. Ifa watermarked image or digital image file is subjected to tampering, thewatermark either remains with enough fidelity to identify the digitalimage file or the image quality is so debased that the digital imagefile is essentially destroyed. Known steganography processes can be usedto implement invisible watermarks, for example, using software that canbe installed on a workstation or other user device. Third party servicesalso provide watermarking of digital image files for users.

A user who wants to make a digital image file available online, forexample, to market the image, may be concerned that the file will bestolen or copied or used by others without the user's authorization. Byapplying an invisible watermark or having a third party apply thewatermark before the user uploads the image, the user may be able todissuade others from stealing or misusing the digital image file,without noticeably degrading the quality of the image. Once the imagefile has been uploaded to a marketing site by the user, services may beavailable that track online occurrences of the image on behalf of theuser.

SUMMARY

The following explanations may be helpful in understanding theterminology used in the following description.

Embedded data—data included in a digital watermark that is applied to adigital image file.

Key or identifier—an element of embedded data that can be used to lookup other information in a database.

Unique key or unique identifier—a key or identifier that is uniquelyassociated with image data to be looked up in the database.

Hash—a kind of unique key or identifier that is not easy (and may bevery hard) to figure out without using the hashing function associatedwith the hash.

Image data—data about an image, such as the name of the work, that isstored in a database and can be retrieved from the database using theunique key or unique identifier.

Watermark—something that is put on or in an image to alter it so that itis hard to copy the image without either also copying the watermark ordestroying the image for practical purposes. A watermark is a kind ofsecurity feature.

Digital watermark—a watermark that is embedded in a digital image filein digital form. A digital watermark can include any kind of embeddeddata, for example, a unique key or a hash. The hash can be derived fromthe digital image file by applying a hashing function to the digitalimage file.

Invisible watermark—roughly speaking, a watermark that is not visible toa viewer of the image.

Limited edition of a digital image file—A set of “instances” of thedigital image file that all produce displayed digital images that lookthe same to a human viewer; however, each of the instances of a limitededition is different from every other instance of the limited edition,because it is identified by and has embedded in a digital watermark ofthe digital image file, a unique key, for example, a unique hash.Therefore each instance of a limited edition can be distinguisheduniquely from each other instance of the limited edition.

Cloud-based—hosted on the Internet, for example, an application (or aprocess) that is hosted on the Internet. A user of the cloud-basedapplication or process need have only a digital image file, an Internetconnection (and, for example, credentials to log into the application)to make use of the functions and features of the application or process.The application or the process is completely abstracted from the pointof view of the user and the client devices used by the user.

In general, in an aspect, at a cloud-based service, digital image filesare received from which digital images can be displayed on devices. Foreach of the digital image files, data (e.g., a unique identifier orunique key or hash) is embedded in the digital image file on behalf of aparty who has rights in the digital image file. The existence of theembedded data is not perceptible in any digital image that is displayedusing the digital image file. The embedded data includes informationthat can be used in a process of authenticating the digital image file.At the cloud-based service, a digital image file is received that is tobe authenticated. The digital image file is authenticated in a processthat uses the embedded data.

Implementations may include one or a combination of any two or more ofthe following features. The embedded data comprises a hash of data inthe digital image file. The embedded data can be used (e.g., as adatabase key) to locate information about the digital image file thathas been stored at the cloud-based system. Information is stored at thecloud-based system about the digital image file and can be retrievedbased on the embedded data. Each of the digital image files is receivedthrough a publicly accessible communication network. There is a limitededition that includes one or more instances of the digital image file.The embedded data (e.g., a hash) for each of the instances of thedigital image file is uniquely associated with that instance of thelimited edition. The embedded data includes a key or identifier (and insome cases includes only the key or identifier) to information (e.g.,image data) about the instance of the digital image file; the image datais stored at the cloud-based service, separately from the digital imagefile. The information about the instance of the digital image fileincludes at least one of: an identification of a party who has rights inthe instance of the digital image file, an identification of the editionto which the instance belongs, and an identification of an instance ofthe digital image file that is included in the limited edition.

After the digital image file has been authenticated, information isprovided to a user. The information provided to the user is determinedby characteristics of the user. The information provided to the userincludes the result of the authenticating. The information provided tothe user may also include an identification of a party who has rights inthe digital image file.

After the data has been embedded in the digital image file, informationis provided to a user. The information provided to the user can includeimage data associated with the unique identifier of the instance of thedigital image file, such as the digital image file, its instance numberwithin a limited edition, or its limited edition number. The informationprovided to the user includes confirmation that the data has beenembedded. The instances of the digital image files are stored at thecloud-based service. The instances of the digital image files arereceived from a web browser or a mobile app of a user device.Information is received that defines instances of a limited edition ofthe digital image file. An image storage system is provided fordistribution of instances of the digital image files subject toconditions specified on behalf of a party who has rights in the digitalimage file and agreed to by a user. An instance of the digital imagefile is delivered to the user who has agreed to the conditions. The usercan display a digital image based on the instance of the digital imagefile. The embedded data comprises a digital watermark.

In general, in an aspect, from a cloud-based service, an instance of adigital image file is delivered to a user device in which data (e.g., adigital watermark) has been embedded at the cloud-based service onbehalf of a party who has rights in the digital image file. The deliveryof the instance of the digital image file containing the embedded datato the user is controlled in compliance with conditions that have beenspecified on behalf of the party who has rights in the digital imagefile. A digital image can be displayed on a user device based on theinstance of the digital image file.

Implementations may include one or a combination of any two or more ofthe following features. The instance of the digital image file isdelivered through a web browser or a mobile app. The user deviceincludes a device that includes a screen and a processor that candisplay the digital image using the instance of the digital image file.The instance of the digital image file includes one instance among oneor more instances of a limited edition of the digital image file. Theembedding of data (e.g., the digital watermarking) of the digital imagefile at the cloud-based service includes associating a unique identifieror key with a single instance of a limited edition of the digital imagefile. The user device on which the display occurs comprises a mobilephone, TV, monitor, projector, or any other screen or display device.

In general, in an aspect, at a user device, an instance of a digitalimage file is received from a cloud-based service. The digital imagefile has had data embedded in it (e.g., has been digitally watermarked)at the cloud-based service to protect rights of a user in the digitalimage file. The digital image file is received only on the basis of anagreement by a user to conditions for use of the digital image file. Adigital image is displayed using the instance of the digital image file.

Implementations may include one or a combination of any two or more ofthe following features. The digital image is displayed on a user device.The user device on which the digital image is displayed is the userdevice that received the instance of the digital image file. The userdevice on which the digital image is displayed is a device that isaccessible to the user device that received the instance of the digitalimage file The user device includes a wireless cellular device or adevice that has access through the Internet to the cloud-based service.The digital watermark of the digital image file is not visible in thedigital image. The instance is an instance of a limited edition of thedigital image file.

In general, in an aspect, a cloud-based service includes cloud-basedservers to provide storage service for digital image files andinformation (e.g., image data) about digital image files received fromusers. Processes run on the servers to embed data (e.g., a hash) in thedigital image files to protect rights of parties in the digital imagefiles. Authentication processes run on the servers to authenticatedigital image files received from users. The authentication processesare related to the data embedding processes.

Implementations may include one or a combination of any two or more ofthe following features. Distribution processes are run on the servers todistribute instances of the digital image files to users. Controlprocesses control distribution of instances of the digital image filesto users based on conditions imposed for the benefit of parties who haverights in the digital image files.

In general, in an aspect, at a cloud-based server, data of a digitalimage file is used to create a unique identifier (e.g., a hash) for thefile. The unique identifier is embedded in the file. The uniqueidentifier is retrieved from the file. The unique identifier is used tolocate information about the digital information file that is stored atthe cloud-based server.

These and other aspects, features, implementations, and advantages canbe expressed as methods, methods of doing business, program products,software, systems, components, databases, data structures, and in otherways.

These and other aspects, features, implementations, and advantages willbecome apparent from the following description, and from the claims.

DESCRIPTION

FIGS. 1 through 3 are block diagrams.

As shown in FIG. 1, here we describe, among other things, a cloud-basedonline image storage system 10. An image maker 15 (or image source orother client or party who holds rights in a digital image) can use thecloud-based image storage system 10 to offer for sale or rent, orotherwise market or distribute, to one or more users 11 (or customer orother party) a right to have access to and, for example, display adigital image 13 (of, for example, an original work of art). In somecases, the right that is being marketed is a right that allows the user11 to acquire (for example, by downloading from the image storagesystem) an instance of a digital image file 16 (e.g., an instance of alimited edition). Using the instance, the digital image 13 can bedisplayed on any screen 18 of any device 20 (handheld, workstation,mobile, wireless, or any other kind) to which the user has access (or adevice accessible to device 20).

The right that is acquired by the user can be a right to display thedigital image on any screen of, or to print the digital image on, anydevice 20 or device 21, even if the device on which the image isdisplayed or printed is not the device to which the digital image filewas downloaded from the image storage system. For example, the device 20could be a smart phone with an appropriate app running on it or acomputer with an application running on it that can display or print thedigital image on another device 21. For example, the other device 21could be an HDTV that is controlled by device 20. The control of theother device 21 by the first device 20 could be through a wiredconnection or a wireless connection or could be through the cloud, forexample.

Therefore, in some implementations, the cloud-based image storage systemperforms the processing and authentication in a role as a server, andone or more devices 20 operate in a role as a client to the cloud-basedserver (or servers). In some cases, once the image storage system sendsthe instance of the digital image file to the user, the digital imagefile can be displayed or printed on other devices.

Unlike some conventional digital watermarking systems—in which a userimplements and stores everything on the client side and then can decideto upload to the Internet once the processing has been done—in someimplementations of the system that we describe here, the processes ofboth digital watermarking and storing the digital image file areautomated from the viewpoint of the client (minimizing error).

In some implementations, a cloud-based digital watermarking process 22running on servers that are part of the image storage system 10 securelygenerates and embeds data (e.g., a digital watermark 24 such as a hashor other unique key) in the digital image file 16 that represents thedigital image 13 so that an instance of a digital image file 17 thatpurports to be an authentic instance of the original digital image file16 (the one associated with the rights holder 15) always may beauthenticated based on the digital watermark (by an authenticationprocess 29 running on servers of the image storage system 10) as being(or not being) an authentic instance of the original digital image file.

In addition, if an instance of the digital image file 17 isauthenticated but its embedded data associates it with a user other thanthe party who has presented it to the digital storage system forauthentication (or in some other way has attempted to use it through theimage storage system), then it is possible to track the usage by thepresenting user, on behalf of the user with whom the embedded data isassociated. If the instance of the digital image file 17 is anon-authentic instance, the image storage system only establishes thatthe digital image file is not authentic and therefore has no value.

We use the term “digital image” to refer, for example, to an image thatis formed of pixels on a display and can be visually perceived. Thepixels of a digital image 13 are stored as bytes of digital data in thedigital image file 16. The format and organization of the digital datais determined by the file format of the digital image file 16 (e.g.,jpeg, bmp, png, gif, tif, mov). We use the term digital image broadly toinclude, for example, any static digital image or any individual frameor set of frames of a video. In general, the digital watermarkingprocess that we describe can be applied to any existing digital imagefile in any existing file format that is susceptible to digitalwatermarking.

To the extent that a digital watermark can be applied to a movie file ina format such as .mov (or to the extent that such a facility becomesavailable in the future), a user of the image storage system could havethat digital watermarking applied by the image storage system. The imagestorage system will allow for such digital watermarking and technologyexists to support it.

The rights holder 15 can be any person, entity, or system that hasrights in the digital image file. The uploading of the digital imagefile can be done by the rights holder 15 or can be done by anotherparty, for example, on behalf of the rights holder. In someimplementations, the rights holder 15 is an image maker (that is, aparty who has created a digital image, for example, an artist who worksin digital media). In some cases, the rights holder 15 need not be thecreator of the digital image, but can be a party who has acquired orcontrols rights in the digital image file.

Generally, as suggested earlier, we refer to a digital watermark broadlyto include, for example, information that has been embedded in aninstance of a digital image file in such a way that it is not seen by auser who is viewing the digital image. The digital watermark (e.g., hashor other unique key) is embedded within the instance of the digitalimage file in such a way that it cannot be removed or altered withouteffectively destroying the ability to use the file to view the digitalimage. The embedded data (for example, a unique key to information thatis stored separately in a database under control of the host of theimage storage system) is useful in authenticating and tracking theimage, among other things. For example, the digital watermark can beused as a key for fetching information from a database about the imagemaker or source or rights holder. The information stored in the databasecan include information that that identifies a user as the party who isauthorized to view the digital image.

The digital watermark (e.g., the hash) can be recovered from anauthentic instance of the digital image file, and the recovered hash orother unique key can be used to such information that will enable adetermination that the digital image file or instance is authentic, forexample, that it is known to have been digitally watermarked by theimage storage system and represents exactly the instance of the digitalimage file of the rights holder.

An authentic instance of the digital image file may only be used legallyby the authorized user who has acquired the right to view the digitalimage. Because the image storage system also knows the identity of theauthorized party, the image storage system can determine either that theauthorized party was the party who presented the digital image file forauthentication or can track the use by any other (e.g., unauthorized)party who presented the instance of the digital image file forauthentication (or for any other purpose to the image storage system).

In other words, the information carried by the digital watermark can beused to confirm that the instance of the digital image file was one thathad been digitally watermarked by the image storage system, and todetermine other facts about the instance of the digital image file, suchas whether the party who presented it for authentication had theauthority to possess it. The image storage system therefore can, among awide variety of other services, provide assurances to the rights holderthat the system can always, on behalf of the rights holder, (a) confirmwhether an instance of a digital image file of the rights holder that ispresented to the system by any party is authentic, (b) if the instanceof the digital image file is not authentic (that is, the instance isunauthorized even if the digital image that it produces appearssuperficially to be the image that would be produced by theauthenticated file), capture at least some information about the partywho presented it, and (c) if the instance of the digital image file isauthentic, determine whether the party who presented it is an authorizedparty for that file, and if not, capture at least some information aboutthe party who presented it (in other words, track it).

Therefore, because there are to be agreements and licenses that definewhether a party who has possession of or uses or distributes or copiesan instance of a digital image file has done so legally, it is possibleto determine the propriety of an instance of a digital image file thatproduces a digital image that looks like one that has been processed bythe system. For example, the image storage system may be able todetermine if the instance of the digital image file is either (a) anillegal instance (because it does not bear the digital watermark), (b) alegitimate instance (that does bear the digital watermark) but has beenused illegally beyond the terms of the license (depending on where itwas located and who had possession of it) or (c) a legitimate instancethat is being used legitimately.

The portion of the digital watermark that is embedded in the instance ofthe digital image file may be nothing more than a piece of data that isa unique identifier in the form of a hash of at least some of the data(e.g., all) of the digital image file itself. As mentioned, that hashcan also serve as a key into a database of information stored in thecloud-based server. Each record of the database can include a widevariety of information about the image. As noted earlier, we sometimesrefer to the information that is embedded in the digital image filesimply as embedded data. We also sometimes refer to it as a digitalwatermark or as a unique key or a unique identifier or a hash.

The host of the cloud-based system that we describe here controls thehashing algorithm (for example, the algorithm that generates the data,hash or other unique key, that is to be embedded in the digital imagefile); someone who wants to authenticate that an instance of a digitalimage file is one that had been digitally watermarked by the system, orwho wants to learn information that is contained in (or pointed to bythe digital watermark may have the hash looked up and used to locate thecorresponding data (for example, stored separately in the database).

In general, a digital watermark can only carry a limited amount of data.So, by embedding only a hash (for example, a 10 digit number—allowingfor 10 billion unique identifiers) in the digital image file, the amountof data added to the digital image file need be no more than 4 bytes,yet that hash can point (as a unique key to the database) to an essay'sworth of multibytes (e.g., 1 MB) of information about that instance ofthe digital image file.

The rights holder may wish to market the instances of the digital imagefile 16 (e.g., to a user 11) that belong to one or more limited editionsthrough the online image storage system 10. In some cases, the rightsholder 15 may wish to market, sell, or license instances of the digitalimage file 16 through any of a wide variety of other digitaldistribution media (e.g., over the Internet directly to a buyer, on a CDor DVD, or in other ways).

Examples of a rights holder or other client 15 (we sometimes use theterms rights holder and client interchangeably) include: a photographerwho wants to sell an instance of a digital image to a press outletthrough an online portal; an image provider service that wants tolicense and instance of a digital image that it owns (but did not itselfcreate as original artwork) for commercial or private use of a buyer; anindividual who wants to protect and instance of a digital image he puton the Internet but is not offering for sale; a steganography purveyor,that is, an entity in the business of charging for the service ofproviding steganographic security for instances of a digital image; aphotographer who wishes to sell an instance of a digital image to pressor other outlets; or a commercial site (e.g., a social network site)that wants to prevent unauthorized use of instances of digital imagesthat appear on the site.

In some cases, the client 15 of the image storage system 10 may want toensure that instances of the digital image file 16 to be uploaded 17 andmarketed always can be authenticated, that is, identified in the handsof any other party as instances of the digital image file thatoriginated from the client 15. For example, suppose the client 15 and auser 11 (e.g., a potential purchaser) want to arrange a sale or licenseof a digital image file 16. The user 11 may be given access to aninstance of the digital image file 16 before purchasing it. If theinstance of the digital image file 16 were not identifiable as the onethat originated with the client in a way that could not be altered orremoved from the instance of the digital image file, the user 11 (say apress outlet) could steal the instance of the digital image file 16 anduse or distribute copies of it without the permission of the client 15.

In some cases, for this purpose, as discussed, a digital watermark 24can be embedded in instances of the digital image file 16 provided bythe client. The digital watermark 24 can be a unique identifier orunique to your hash associated with an instance of the uploaded 19digital image file and can be unalterable, that is, can be in a formthat cannot be removed from the instance of the digital image file oraltered within the instance of the digital image file without materiallyaltering or degrading the instances of the digital image that can beproduced from the file. In addition, the digital watermark can beinvisible, that is, not apparent to a viewer of the digital image. Insome cases, the embedding of the data involves making changes to some ofthe pixel values in the digital image file, which has the effect ofchanging the digital image that is produced by the instance of thedigital image file; but the changes to the digital image are so subtleas to be invisible to the naked eye.

The distribution structure by which instances of an instance of adigital image file can be made available to users 11, and the terms andconditions that govern what a user can do with an instance of a digitalimage file that it has acquired, can be determined and specified by therights holder 15. In some cases, when the rights holder 15 uploads 19the digital image file 16 to the image storage system 10, the rightsholder will authorize the sale or licensing of only a single instance ofthe digital image file to a single user. In some cases, the rightsholder can authorize the distribution of one or more instances of one ormore limited editions) each including a number of instances of a singledigital image file.

When a limited edition is authorized, a specified limited number ofinstances of the digital image file may be distributed by the imagestorage system 10 to users. Two or more limited editions of instances ofa digital image file may also be authorized.

As discussed earlier, a user who acquires the right to view an instanceof a digital image file can technically make a copy of the instance ofthe digital image file. But, in general, the image storage system helpsto limit the ability of such a user to share the copies and thereforerenders the value of such a copy only intrinsic. The unauthorized copycould not be successfully sold for profit to a buyer, because theunauthorized copy cannot not authenticated as belonging to the buyer andtherefore, the value in the buyer's hands would be its intrinsic valueonly.

In connection with the digital watermarking process, a unique identifier(hash, unique key) is generated for each instance in each limitededition. Although the identifiers are unique for every differentinstance, some of the data to which two or more of the identifiers pointcan be similar. For example, hash 1234 could point to instance 1/2 in alimited edition of two instances of “Water Lilies—Setting Sun”, the oneowned by Tom Cruise, while hash 5678 could point to instance 2/2 of“Water Lilies—Setting Sun” in the same edition, the one owned by NicoleKidman. However, much of the information to which the hash points in thedatabase for the two instances of that edition point can be the same(such as the title of the work).

If only a single instance of a digital image file has been authorized ina limited edition or outside of an edition, that instance will receiveits own unique identifier. If a rights holder uploads a number ofdifferent digital image files for different works, other than as part ofone or more editions, each of the different digital image files willreceive its own unique identifier.

In some implementations, the digital watermark 24 can be created by thewatermarking process 22 once the digital image file 16 has been uploaded17 to the cloud-based image storage system 10.

The digital watermark 24 is associated with information that is usefulor necessary for authentication and tracking of the instance of thedigital image file and possibly for other purposes. At least some of theinformation can be related to the client 15 (e.g., an image maker), tothe instance of the digital image file 16, or to a transactionassociated with the instance of the digital image file 16, orcombinations of two or more of those. The digital watermark 24 may beassociated with information related to the name of the client 15, theprovenance of the digital image file 16, the instance number and editionnumber of the digital image file 16, how many instances of the digitalimage file 16 are authorized at a given time, and digital image file 16copyright information.

When an instance of the digital image file 16 is sold, licensed, orotherwise involved in a transaction, (e.g., between the client 15 and apurchaser), the digital watermark 24 can be associated with additionalinformation (stored in the database) related to the transaction, such asthe name of the purchaser (e.g., the user 11) and the date of thetransaction. The stored information pointed to by the digital watermark24 may also provide a way for the client 15 to track instances of thedigital image file 16.

We use the term “track” broadly to include, for example, determining,for an instance of a digital image file that produces a digital imagethat looks like one that was handled by the image storage system and isin possession of a party, (1) whether the instance of the digital imagefile is authentic, (2) if not, at least some information about the partyin possession, and (3) if authentic, whether the party in possession hadthe legal right to possess that instance.

Tracking could be triggered in a variety of different ways. One waywould be to continually search the Internet for digital images and thenconfirm that the related digital image files are not being used ordisseminated illegally. Another would be to check digital image filesfor digital images that are observed as looking like ones managed by theimage storage system.

Therefore tracking can be continual, such as running continual queries,and some can be situational, e.g., seeing something that lookssuspicious or similar to a digital image managed by the image storagesystem, or, for a client, one of their digital images. The digital imagefile for the digital image then can be authenticated and tracked.

Although specific examples of information that the invisible digitalwatermark 24 can include were given above, these examples are notexhaustive.

Some of the information 210 related to the digital image file 16 that isto be included in the digital watermark (e.g., the hash and theinformation stored in the database) can be uploaded by the client orentered through a Web browser interface. The information could include,for example, the name of the client 15, the provenance of the digitalimage file 16, the instance number and edition number of the instance ofthe digital image file 16, how many instances of the digital image file16 are authorized at a given time, and digital image file 16 copyrightinformation.

If the digital image file 16 was involved in a prior transaction, (e.g.,between the client 15 and a purchaser), the image data 210 can includeinformation related to the transaction, such as the name of thepurchaser (e.g., the user 11) and the date of the transaction. When thedigital image file 16 is uploaded, the cloud-based application 22initiates a watermarking process 220, described in more detail below, tocreate an instance of the digital image file 16 that includes a digitalwatermark 24 (e.g., a unique key to stored information).

Referring to FIG. 2, in some implementations, in order to create thedigital watermark, the cloud-based process 22 reads 310 the data thatconstitutes the digital image file 16 and applies the hashing algorithmto generate 320 a unique hash 330 based on the data of the digitalimage. The unique hash 330 is unique for every uploaded digital imagefile 16 and for every instance of it that is authorized to be providedto a user, whether part of a limited edition or not.

The hash can be created using a variety of hashing algorithms. Forexample, the hash can be a unique string of numbers and letters that hasan infinitesimal possibility of being re-created from the same digitalimage, for example 123423Dec20131131PM. Even if 1234 is generated at alater time it will no longer be 11:31 PM on 23 Dec. 2013. An existingexample is the SHA-2 hash function which is implemented in OpenSSL andhas an extremely low likelihood of collision (creating two identicalhashes from two different data sets) or the SHA-3 hash that is said tobe collision proof but is not part of OpenSSL and may create hashes thatare too long for use with Digimarc. In general a SHA-2 might look likethis: “d7a8fbb307d7809469ca9abcb0082e4f8d5651e46d3cdb762d02d0bf37c9e592”and a SHA-3 might look like this:“4d741b6f1eb29cb2a9b9911c82f56fa8d73b04959d3d9d222895df6c0b28aa15”

Once the unique hash for an instance of a digital image file has beengenerated, the cloud-based watermarking process 22 can embed 340 theunique hash 330 in the digital image file 16 to create a watermarkedinstance 160 of the digital image file 16 containing an embeddedinvisible digital watermark 24. A third-party steganographic process canbe used to embed the digital watermark 24 into the digital image file16. In the process of embedding, the data of the digital image file ischanged to reflect that the hash has been embedded into it. Somesteganography tools will embed the hash once. Others will embed inmultiple places throughout the digital image file in ways that are moreresistant to manipulation. The image is changed imperceptibly as aresult of the embedding.

Although we have referred to creating and embedding a hash in theinstance of the digital image file as part of the digital watermark, anyother kind of unique identifier created in any fashion could be used andembedded in the digital image file and used as a value from whichinformation about the digital image file can be located or identified instorage in the cloud-based system. We sometimes use the phrase embeddeddata to refer to any kind of unique identifier that is embedded into theinstance of the digital image file. The embedded data can then be usedto find the other information stored in the cloud-based system. In someimplementations the embedded data is a unique key into a database. Butother implementations would also be possible for storage of theadditional information.

The digitally watermarked instance of the digital image file can then beused, just as the original digital image file could be used, to displaythe digital image of the work. The digital watermark will be invisibleto the user. However, the digital watermarking can be detected in thedata bytes of the digitally watermarked digital image file and cannot bealtered or stripped from the digital image file without altering thedigital image that is displayed using the tampered instance of thedigital image file.

The cloud-based watermarking process 22 can determine whether thewatermarking process 22 was successful 350 or unsuccessful 360. Afailure could be caused, for example, by a read or write error on thecomputer or during the request-response cycle of the upload. A failurewould mean that a readable watermark had not successfully been created.If the watermarking process 22 is successful 350, the cloud basedwatermarking process 22 can send the hash 330 (or other uniqueidentifier or key) and the digital image file 16 embedded with thedigital watermark 24 to a success callback routine (400 in FIG. 4). Ifthe watermarking process 220 is unsuccessful 360, the cloud basedapplication 22 can return a failure message 430 to the client 15.

The success callback routine 400 can attempt to save the unique hash 330in a database 410 (maintained by the servers of the cloud-based imagestorage system 10) along with image data 210, for example, the editionnumber, the identity of the rights holder, and the identity of theartist associated with the instance of the digital image file 16 so thata relatively short unique identifier 215 (the unique hash or otherunique key) can then be used as a pointer to represent a much largerbody of information (the image-related data stored elsewhere).

If the unique hash 330 (or other unique identifier or key) and the imagedata 210 have been successfully saved to the database 410, the digitalimage file 16 embedded with the invisible digital watermark 24 is savedto the database 410, and a success response 420 is sent to the client15. Up to this point, the instance of the digital image file 16 embeddedwith the invisible digital watermark 24 only exists in memory of theservers. This prevents a copy of the digital image file 16 from beingstored without having its associated unique hash 330 and image data 210in place in the database. If the process to save the information to thedatabase does not succeed, a failure response 430 is returned to theclient 15, and the transaction is rolled back to a previous point (e.g.,the client 15 may be instructed to upload the digital image file 16 andthe image data 210 again).

As discussed earlier, in some cases, a digital image file 13 can be soldas multiple instances of a limited digital edition. When a user 11purchases a right to use an instance of a limited edition of a digitalimage file 16, the user 11 then owns a license to the instance of thedigital image file 16, that is, a right to view the digital imageproduced by the instance of the digital image file 16 for a specificperiod of time on any device. The duration of the right to view couldrange from, say, a day or a week, to perpetually, or broadly to anyperiod in a range from 0 to infinity. In some examples, the length oftime would be one month.

As shown in FIG. 3, once the digital image file has been watermarked andthe unique hash and image data have been stored in the database of theimage storage system 10, any party who is interested, such as the rightsowner or a potential buyer (we sometimes refer to such a party as arequestor 600) can upload an instance of the digital image file 16 tothe image storage system 10 to be authenticated. The uploaded instanceof the digital image file 16 may or may not have an embedded digitalwatermark 24. The cloud based authentication process 28 can include adigital watermark reading algorithm 610. The same process used to createthe digital watermark typically can be used to read the digitalwatermark. For example, the process of verifying the success of theembedding of the watermark, described earlier, is predicated on theability to read to the embedded watermark. The data read from thedigital watermark 24 of the instance of the digital image file producesa database key 620 that is a key into the database stored in the serversand is associated with the invisible digital watermark 24. The databasekey 620 can be, for example, the identifier 215 of FIG. 2. In thedatabase, the key 620 is associated with image data 210, assuming thatthe database includes a record for which the key value is the same asthe key value obtained from the uploaded instance of the digital imagefile.

If the digital watermark reading algorithm 610 detects that the instanceof the digital image file 16 does not have an embedded digital watermark24, or if the digital watermark reading algorithm 610 is unable to readthe embedded digital watermark 24, the algorithm can return a failureresponse 660 to the requestor 600 indicating that it is not possible toconfirm the authenticity of the uploaded file. If the digital watermarkreading algorithm 610 detects that the instance of the digital imagefile 16 has an embedded digital watermark 24 and is able to read theinvisible digital watermark 24 and obtain a database key 620 associatedwith the digital watermark 24, the cloud based authentication process 22can use the database key 620 to obtain the image data 210 that is storedin the database 410 and is associated with the digital image file. Thecloud based authentication process 28 then can determine if the instanceof the digital image file 16 is authentic and perform other processessuch as tracking.

In some implementations, the requestor 600 can be a user 11 who haslegally purchased or licensed an instance of a digital image file 16 andhas the right to display the corresponding digital image. In someimplementations, the requestor 600 can be a client 15 (e.g., the imagemaker). In some implementations, the requestor 600 can be anyone inpossession of an instance of a digital image file 16. In someimplementations, the requestor 600 can be a system administrator. Theidentity of the requestor 600 can determine what information from theimage data in the database, if any, is sent to the requestor 600 in averification (e.g., authentication) response 670.

In some implementations, if the requestor 600 is an authenticated user111, the cloud based authentication process 28 can return all image data210 associated with the digital image file 16 in the verificationresponse 670.

In some implementations, the cloud based authentication process 22returns less than all of the image data 210 associated with the instanceof the digital image file 16 in the verification response 670.

In some implementations, if the requestor 600 is the image maker, thecloud based authentication process 22 can return all image data 210associated with the instance of the digital image file 16 in theverification response 670.

In some implementations, if the requestor 600 is someone 113 other thanan authenticated user 11 or the image maker, the cloud basedauthentication process 28 can return less than all of the image data 210associated with the instance of the digital image file 16 in theverification response 670.

In some implementations, the cloud based authentication process 28 mayreturn information to the requestor 600 only about the authenticity ofthe instance of the digital image file 16 in the verification response670.

If the requestor is not an authenticated user, a notification can beissued to the host of the image storage system or to the rights holderas this may indicate illicit ownership or use of an image with a digitalwatermark.

If a potential buyer or third party wants to test an instance of adigital image file, the third party can submit the file to the imagestorage system for authentication and in return receive a simple yes orno response.

In some implementations, if the requestor 600 is a system administrator115, the cloud based authentication process 28 can return all image data210 associated with the instance of the digital image file 16 in theverification response 670.

For example, a regular user may receive information noting that thedigital image is copyrighted while a system administrator might receivedetailed information about the edition, provenance, and creator of theinstance of the digital image file. A user 11 may be authenticated bylogging into the cloud based authentication process 22 and entering apassword.

The system and techniques that we have described here will providerights holders and other clients with a simpler, easier, lower cost,more effective way to embed invisible watermarks in their digital imagefiles and to identify and track their digital image files on theInternet to protect their rights. The image storage system can operatein the cloud, a mode of image use that is becoming more and more popularand can store copyrighted and edition-based instances of digital imagefiles securely online.

As we have explained, among functions performed by implementations ofthe cloud-based processes are the following:

1. Embedding an invisible digital watermark into an uploaded digitalimage file in response to the click of a button by a user through aweb-based cloud application.

2. Storing data about the image in secure databases on serverscontrolled by the host of the processes.

3. Allowing the digital watermark to be identified and matched withstored image data, for example, to authenticate the image using thedigital watermark (e.g., the hash) as the data key and to perform otherprocesses using the image data found in the database.

4. Allowing for digital image files for images found on the Internet orthat have been digitally disseminated to be uploaded and verified(authenticated) against the cloud-based system's database of existingdigital watermarks.

5. Enabling a third party to scan the Internet and send instances ofdigital image files for verification (authentication).

Thus, the cloud-based system that we have described can embed digitalwatermarks using a cloud-based service that marks those images with dataabout the image, data that is invisible to the naked eye and nearlyimpossible to remove from the image without destroying the image.Watermarks can be added to any digital image files that are expressed informats such as a jpeg, png, gif, and others, enabling parties to trackthe files if they are disseminated digitally.

The cloud-based digital watermarking and authentication processes arepart of a cloud-based image storage system that can serve as a platformfor digital art that enables artists to upload digital works of art instill, gif, video, or other digital media formats to sell to users sothat users may display those works of art on any screen they own (anycommercially available screen, tablet, computer, or device with ascreen) or on screens created and sold specifically for the purpose. Assteganography and digital watermarking technology and services becomeavailable for video files, the same processes can be used and the sameadvantages achieved.

Protecting the digital image files on the cloud-based platform isimportant. Because the instances of digital image files are sold inlimited digital editions, it is useful to embed data into the digitalimage files that allows the platform (by using the embedded key to fetchimage data stored in a database) to determine who created the images,what limited edition they belong to, how many instances of the editionwere authorized at one time, and a wide variety of other information.Knowing this will enable the platform to determine whether or not imagesof digital works are being used and disseminated illegally, for example.This protects the artists' creations and the values of the works to thebuyers.

These cloud-based processes are useful to all creators of digital imageswho want to protect and track digital image files in the digital space.Current providers of steganography technologies can also use theprocesses to provide their users with a seamless cloud-based facility toimplement a digital watermark and disseminate, authenticate, and trackdigitally watermarked images. Creators or digital watermarking serviceproviders can access the cloud-based processes using the web or a mobileapplication. Enabling users to mark digital image files of theircreation so that those digital image files may be identified as theirwork and tracked if they are disseminated legally or illegally throughthe Internet or other digital means allows digital image creators tomore easily and seamlessly protect their intellectual property andidentify if that intellectual property has been used or disseminatedwithout their permission.

The techniques described here can be implemented in digital electroniccircuitry, or in computer hardware, firmware, software, or incombinations of them. The techniques can be implemented as a computerprogram product, i.e., a computer program tangibly embodied in aninformation carrier, e.g., in a machine-readable storage device or in apropagated signal, for execution by, or to control the operation of,data processing apparatus, e.g., a programmable processor, a computer,or multiple computers, or portable, mobile, and handheld devices.

Such a computer program can be written in any form of programminglanguage, including compiled or interpreted languages, and it can bedeployed in any form, including as a stand-alone program or as a module,component, subroutine, or other unit suitable for use in a computingenvironment or a mobile environment. The program can be cloud-based,workstation based, or in the form of a mobile app, for example. Acomputer program can be deployed to be executed on one computer or onmultiple computers at one site or distributed across multiple sites andinterconnected by a communication network.

Steps of the techniques described here can be performed by one or moreprogrammable processors executing a computer program to performfunctions by operating on input data and generating output. Steps canalso be performed by, and apparatus to perform the steps can beimplemented as, special purpose logic circuitry, e.g., an FPGA (fieldprogrammable gate array) or an ASIC (application-specific integratedcircuit). Modules can refer to portions of the computer program and/orthe processor/special circuitry that implements that functionality.

Processors suitable for the execution of a computer program include, byway of example, both general and special purpose microprocessors, andany one or more processors of any kind of digital computer or mobiledevice. Generally, a processor will receive instructions and data from aread-only memory or a random access memory or both. The essentialelements of a computer are a processor for executing instructions andone or more memory devices for storing instructions and data. Generally,a computer will also include, or be operatively coupled to receive datafrom or transfer data to, or both, one or more mass storage devices forstoring data, e.g., magnetic, magneto-optical disks, or optical disks.Information carriers suitable for embodying computer programinstructions and data include all forms of non-volatile memory,including by way of example semiconductor memory devices, e.g., EPROM,EEPROM, and flash memory devices; magnetic disks, e.g., internal harddisks or removable disks; magneto-optical disks; and CD-ROM and DVD-ROMdisks. The processor and the memory can be supplemented by, orincorporated in special purpose logic circuitry.

To provide for interaction with a user, the techniques described hereincan be implemented on a computer having a display device, e.g., amonitor, for displaying information to the user and a keyboard and apointing device, e.g., a mouse or a trackball, or a touch sensitivesurface, by which the user can provide input to the computer (e.g.,interact with a user interface element, for example, by clicking abutton on such a pointing device or touching the surface). Other kindsof devices can be used to provide for interaction with a user as well;for example, feedback provided to the user can be any form of sensoryfeedback, e.g., visual feedback, auditory feedback, or tactile feedback;and input from the user can be received in any form, including acoustic,speech, or tactile input.

The techniques described here can be implemented in a distributedcomputing system, for example, one operating in the cloud, that includesa back-end component, e.g., as a data server, and/or a middlewarecomponent, e.g., an application server, and/or a front-end component,e.g., a client computer having a graphical user interface and/or a Webbrowser or mobile app through which a user can interact, or anycombination of such back-end, middleware, or front-end components. Thecomponents of the system can be interconnected by any form or medium ofdigital data communication, e.g., a communication network. Examples ofcommunication networks include a local area network (“LAN”), a wide areanetwork (“WAN”), e.g., the Internet, and cellular networks, and includeboth wired and wireless networks.

The computing system can include clients and servers. A client andserver are generally remote from each other and typically interact overa communication network. The relationship of client and server arises byvirtue of computer programs running on the respective computers ordevices and having a client-server relationship to each other.

Other embodiments are within the scope of the following claims.

1.-38. (canceled)
 39. A method comprising receiving an identification ofa digital image file to be protected against unauthorized use, andinformation to be associated with a digital watermark to be embedded inthe digital image file at a server, the information indicating how manyinstances of the digital image file are permitted to be distributedafter the digital watermark has been embedded, uploading the informationand the digital image file to a server with the digital watermark notyet embedded, receiving from the server confirmation that the digitalwatermark has been embedded in the digital image file, uploading to theserver a copy of the digital image file for authentication as one of theone or more instances of the digital file that are permitted to bedistributed, and receiving from the server information about theauthenticity of the digital image file.
 40. The method of claim 39 inwhich the copy of the digital image file is uploaded by or on behalf ofa party who is an owner of rights in the digital image file.
 41. Themethod of claim 39 in which the copy of the digital image file isuploaded by or on behalf of a party who is a holder of the digital imagefile.
 42. The method of claim 39 in which the information about theauthenticity includes some or all of the information associated with thedigital watermark.
 43. The method of claim 39 in which the informationabout the authenticity indicates that the digital image file is notauthentic.
 44. The method of claim 39 in which the information about theauthenticity includes an identification of a party who has rights in thedigital image file.
 45. The method of claim 39 in which the informationabout the authenticity indicates that the party who uploaded the digitalfile for authentication is not a party who is legally a holder of thedigital image file.
 46. The method of claim 39 in which the informationabout the authenticity includes information about the party who uploadedit for authentication.
 47. The method of claim 39 in which theinformation about the authenticity is received by an owner of rights inthe digital image file.
 48. The method of claim 39 in which the embeddeddigital watermark comprises a hash of data in the digital image file.49. A method comprising at a server, receiving an upload of a digitalimage file to be protected against unauthorized use, and information tobe associated with a digital watermark to be embedded in the digitalimage file at a server, the information indicating how many instances ofthe digital image file are permitted to be distributed after the digitalwatermark has been embedded, the uploaded digital image file notcontaining the embedded digital watermark, sending from the server aconfirmation that the digital watermark has been embedded in the digitalimage file, at a server, receiving an upload of a copy of the digitalimage file for authentication as one of the one or more instances of thedigital file that are permitted to be distributed, and sending from theserver information about the authenticity of the digital image file. 50.The method of claim 49 in which the copy of the digital image file isreceived from a party who is or represents an owner of rights in thedigital image file.
 51. The method of claim 49 in which the copy of thedigital image file is received from a party who is or represents aholder of the digital image file.
 52. The method of claim 49 in whichthe information about the authenticity includes some or all of theinformation associated with the digital watermark.
 53. The method ofclaim 49 in which the information about the authenticity indicates thatthe digital image file is not authentic.
 54. The method of claim 49 inwhich the information provided to the user includes an identification ofa party who has rights in the digital image file.
 55. The method ofclaim 49 in which the information about the authenticity indicates thatthe party who uploaded the digital file for authentication is not aparty who is legally a holder of the digital image file.
 56. The methodof claim 39 in which the information about the authenticity includesinformation about the party who uploaded it for authentication.
 57. Themethod of claim 49 in which the information about the authenticity issent to an owner of rights in the digital image file.
 58. The method ofclaim 49 in which the embedded digital watermark comprises a hash ofdata in the digital image file.
 59. An apparatus comprising acloud-based service that includes cloud-based servers to provide storageservice for digital image files and information about digital imagefiles received from users, the cloud-based servers being configured toreceive identifications of digital image files to be protected againstunauthorized use, and information to be associated with digitalwatermarks to be embedded in the digital image files at the servers, theinformation indicating how many instances of each of the digital imagefile are permitted to be distributed after the digital watermark hasbeen embedded, receive the information and the digital image files withthe digital watermarks not yet embedded, sending confirmation that eachof the digital watermarks has been embedded in the corresponding digitalimage file, receiving at the servers copies of the digital image fileseach for authentication as one of the one or more instances of thecorresponding digital file that are permitted to be distributed, andsending information about the authenticity of the digital image files toother devices.
 60. An apparatus comprising a client device running aprogram that is configured to receive from a user an identification of adigital image file to be protected against unauthorized use, andinformation to be associated with a digital watermark to be embedded inthe digital image file at a server, the information indicating how manyinstances of the digital image file are permitted to be distributedafter the digital watermark has been embedded, upload the informationand the digital image file to a server with the digital watermark notyet embedded, receive from the server confirmation that the digitalwatermark has been embedded in the digital image file, upload to theserver a copy of a digital image file for authentication as one of theone or more instances of a digital file that are permitted to bedistributed, and receive from the server information about theauthenticity of the digital image file.